en.Wedoany.com Reported - On May 12, 2026, the 360 Artificial Intelligence Security Research Institute officially released a report titled "AI Is Creating a New Security Generation Gap—From 'Can We Defend?' to 'Can We Make It in Time?'", introducing for the first time the concept of the "AI Security Time Gap" (ASTG). The report's core conclusion points out that as AI comprehensively penetrates areas such as vulnerability analysis, code generation, and attack chain construction, cybersecurity offense and defense are shifting from "human response speed" to "machine speed," a change that is rewriting the global rules of cybersecurity offense and defense. The report was independently completed by the 360 AI Security Research Institute, based on publicly verifiable security incident data and industry research findings, aiming to provide a quantitative reference framework for building cybersecurity defense systems in the AI era.

Based on research using public data such as the U.S. Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities Catalog (CISA KEV), the report found that the time window from the official disclosure of high-profile vulnerabilities to the emergence of usable proof-of-concept code is being continuously compressed, with some high-value vulnerability scenarios already falling into the 24 to 72-hour range. Meanwhile, the vulnerability patching, approval, and handling processes of most organizations still operate on a timeline measured in "weeks" or even "months." This mismatch in offensive and defensive rhythms is creating a new security dilemma. The 360 AI Security Research Institute pointed out that the AI Security Time Gap is not only a generation gap in attack and defense speed but also a concentrated manifestation of the capability gap between nations in cyberspace offense and defense within the time dimension.

According to the report's logical deduction, AI has significantly lowered the threshold for "weaponizing vulnerabilities." In the past, complex vulnerabilities, from discovery and verification to the formation of stable exploitation capabilities, relied on a small number of top experts or even national-level APT teams, with the overall cycle being lengthy and costly. In the AI era, processes such as vulnerability analysis, exploit verification, and attack path reasoning are being automated and scaled up by agent systems. Attackers can use AI agents to complete the entire chain of operations from vulnerability discovery to attack weapon delivery in an extremely short time. If defenders remain stuck in the traditional rhythm of manual discovery, manual assessment, and manual handling, the asymmetry between offense and defense will further intensify. Especially in critical information infrastructure sectors such as key software, foundational platforms, energy, and finance, vulnerabilities are no longer isolated technical flaws but may escalate into strategic risk vectors affecting national security capabilities and infrastructure resilience.

The international competitive landscape confirms this trend. The report notes that Anthropic's Mythos model in the U.S. is conducting cutting-edge exploration in the field of vulnerability discovery and is currently undergoing testing applications within a limited scope, sending a clear signal that the global race for AI vulnerability capabilities has begun. Zhou Hongyi, founder of the 360 Group, previously stated publicly that vulnerabilities are core strategic resources in cyber warfare, and the capability to discover vulnerabilities determines a nation's initiative in cybersecurity. He assessed that with the addition of AI, cybersecurity competition is upgrading from "human-to-human" expert confrontation to "algorithm-to-algorithm, computing power-to-computing power, and a comprehensive confrontation between machines and human power." This upgrade imposes fundamentally reshaping requirements on the capability architectures of both offensive and defensive sides.

From a practical perspective, 360's own accumulation in the field of vulnerability discovery agents has yielded scaled output. Public information shows that 360's vulnerability discovery agents have cumulatively discovered nearly a thousand vulnerabilities, covering core scenarios such as operating systems, office software, AI tools, domestic systems, and IoT devices. Vulnerabilities involving major security risks were reported to the national vulnerability database at the earliest opportunity. Previously, related technical capabilities also attracted attention from overseas research institutions and international media. Industry insiders believe that technological breakthroughs represented by 360, combined with national-level vulnerability resource coordination mechanisms, are propelling China to form an independent capability advantage in the field of AI vulnerability discovery, entering the global first tier.

In response to the urgent situation where AI continuously compresses the window for vulnerability discovery and weaponized exploitation, the report clearly proposes strategic recommendations in its concluding section: China needs to accelerate the construction of an independent and controllable AI vulnerability capability reserve system, elevating the reduction of the "AI Security Time Gap" to a key national cybersecurity project. Zhou Hongyi commented on this assessment, stating: "In the future, vulnerability discovery agents are expected to truly achieve the goal of keeping enemies outside the national gate, building a solid barrier for national cyberspace security."

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com